CVE-2018-0003 — Networks Junos OS vulnerability

6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 54.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper Junos OS

Timeline

PublishedJan 10

Latest updateMay 13

Description

A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior t…

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D71+14

▶NVDjuniper/junos15 versions+14

▶juniperjuniper/junos_os

Patches

Patch: kb.juniper.net ↗Patch: kb.juniper.net ↗

🔴Vulnerability Details

GHSA

GHSA-x2pc-9r6q-7m2m: A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2018-0003: A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory↗2018-01-10

▶

💬Community

Bugzilla

CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2017-10-09

▶

Bugzilla

CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning↗2017-08-22

▶